A new type of extortion email has been sneaking into inboxes over the last year. You may be familiar with the traditional ransom email. You would receive an email from a miscreant saying that your browsing habits have been recorded, and without sending a payment this sensitive information will be revealed to the world, to your family, to your colleagues.

What makes this new email particularly frightening to the receiver, is that these messages include a real password that was linked to their email address.

Quite often, these are historic passwords, that might not have been used for a number of years. These passwords are most likely pulled from the big database leaks that you may have heard about in the news. Companies like Adobe, Yahoo and Tesco have had data such as usernames and passwords posted to forums where these scammers can readily access them. Details of the websites that have had breaches, and the ability to check if your data was included in one of these breaches can be found on websites such as; Have I Been Pwned.

The scammer will claim that, by using this password, they were able to access your web camera, record the sites you were visiting, and your actions while viewing these sites. They say that they installed malware on your computer or that they have accessed your contacts.

The truth is, that the attackers do not have any of this information. They are finding your data from these breaches and sending it to you in the hope that you are adequately frightened and will send them the ransom money.

How can I protect myself?

IQ in IT have received a number of emails about this scam over the last month and were able to advise our clients on how to proceed. To start, IQ in IT recommend you use a webcam privacy cover, with which you can cover your monitor’s webcam when not in use. Here at IQ in IT, we provide these for free and always have them to hand when attending events.

IQ in IT are also happy to share that there is no merit in these emails and that they should be ignored. The only scary part here is that, this data is being breached from trustworthy companies. Make sure that you are regularly changing your passwords and always using secure passwords. Here at IQ in IT we recommend using a password manager that can generate and store unique passwords for every website.